Accept Authorize.NET Payments Using Contact Form 7 Security & Risk Analysis

wordpress.org/plugins/accept-authorize-net-payments-using-contact-form-7

Contact Form 7 - Integrate Authorize.Net payment gateway for making your payments through Contact Form 7.

100 active installs · v2.7 · PHP + · WP 4.9+ · Updated Dec 16, 2025
accept-credit-card-payment, additional-settings, contact-form, contact-form-7
98
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Jun 27, 2025
Safety Verdict

Is Accept Authorize.NET Payments Using Contact Form 7 Safe to Use in 2026?

Generally Safe

Score 98/100

Accept Authorize.NET Payments Using Contact Form 7 has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Jun 27, 2025 · Updated 3mo ago
Risk Assessment

The plugin "accept-authorize-net-payments-using-contact-form-7" v2.8 presents a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and a high percentage of properly escaped output, several concerning elements are present. The presence of two AJAX handlers without authentication checks significantly widens the attack surface, making these entry points vulnerable to unauthorized actions. Furthermore, the use of the `unserialize` function, even if the taint analysis did not flag critical or high severity flows, is a known risk vector that can lead to Remote Code Execution if exploited with crafted input.

The plugin's vulnerability history indicates a pattern of 'Exposure of Sensitive Information to an Unauthorized Actor', with two past medium severity CVEs. Although there are no currently unpatched vulnerabilities, this history suggests that improper handling of sensitive data has been an issue in the past. The last vulnerability being in the future (2025) is likely a data anomaly. Overall, while the plugin has strengths in its handling of database queries and output, the unprotected AJAX endpoints and the use of `unserialize` necessitate careful consideration and potential mitigation strategies.

Key Concerns

  • Unprotected AJAX handlers
  • Use of dangerous function: unserialize
  • Vulnerability history (2 medium CVEs)
Vulnerabilities
2

Accept Authorize.NET Payments Using Contact Form 7 Security Vulnerabilities

CVEs by Year

  • 2024: 1 CVE
  • 2025: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-53322 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

Accept Authorize.NET Payments Using Contact Form 7 <= 2.5 - Unauthenticated Information Exposure

Jun 27, 2025 Patched in 2.6 (11d)

CVE-2024-12250 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

Accept Authorize.NET Payments Using Contact Form 7 <= 2.2 - Unauthenticated Information Exposure

Dec 17, 2024 Patched in 2.3 (1d)
Code Analysis
Analyzed Mar 16, 2026

Accept Authorize.NET Payments Using Contact Form 7 Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 41 (186 escaped)
  • Nonce Checks: 4
  • Capability Checks: 1
  • File Operations: 2
  • External Requests: 0
  • Bundled Libraries: 1

Dangerous Functions Found

unserialize
$attachment = ( !empty( get_post_meta( $post->ID, '_attachment', true ) ) ? unserialize( get_post_me
inc\admin\class.cf7adn.admin.action.php:693

Bundled Libraries

Select2

Output Escaping

82% escaped · 227 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

4 flows · 1 with unsanitized paths
action__admin_init (inc\admin\class.cf7adn.admin.action.php:237)
Attack Surface
2 unprotected

Accept Authorize.NET Payments Using Contact Form 7 Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers: 2

auth · wp_ajax_cf7_cf7adn_validation · inc\class.cf7adn.php:122
nopriv · wp_ajax_cf7_cf7adn_validation · inc\class.cf7adn.php:123

WordPress Hooks: 36

action · init · inc\admin\class.cf7adn.admin.action.php:24
action · init · inc\admin\class.cf7adn.admin.action.php:25
action · add_meta_boxes · inc\admin\class.cf7adn.admin.action.php:26
action · setup_theme · inc\admin\class.cf7adn.admin.action.php:27
action · admin_menu · inc\admin\class.cf7adn.admin.action.php:29
action · admin_init · inc\admin\class.cf7adn.admin.action.php:30
action · wpcf7_save_contact_form · inc\admin\class.cf7adn.admin.action.php:33
action · manage_cf7adn_data_posts_custom_column · inc\admin\class.cf7adn.admin.action.php:35
action · pre_get_posts · inc\admin\class.cf7adn.admin.action.php:37
action · restrict_manage_posts · inc\admin\class.cf7adn.admin.action.php:38
action · parse_query · inc\admin\class.cf7adn.admin.action.php:39
action · admin_notices · inc\admin\class.cf7adn.admin.action.php:92
action · admin_notices · inc\admin\class.cf7adn.admin.action.php:245
action · admin_notices · inc\admin\class.cf7adn.admin.action.php:279
action · admin_notices · inc\admin\class.cf7adn.admin.action.php:351
action · admin_notices · inc\admin\class.cf7adn.admin.action.php:364
action · admin_notices · inc\admin\class.cf7adn.admin.action.php:372
action · admin_notices · inc\admin\class.cf7adn.admin.action.php:377
filter · wpcf7_editor_panels · inc\admin\class.cf7adn.admin.filter.php:25
filter · post_row_actions · inc\admin\class.cf7adn.admin.filter.php:26
filter · plugin_action_links · inc\admin\class.cf7adn.admin.filter.php:27
filter · manage_edit-cf7adn_data_sortable_columns · inc\admin\class.cf7adn.admin.filter.php:29
filter · manage_cf7adn_data_posts_columns · inc\admin\class.cf7adn.admin.filter.php:30
filter · bulk_actions-edit-cf7adn_data · inc\admin\class.cf7adn.admin.filter.php:31
action · admin_menu · inc\admin\class.cf7adn.admin.php:26
action · admin_print_footer_scripts · inc\admin\template\cf7adn.template.php:446
action · init · inc\class.cf7adn.php:38
action · setup_theme · inc\class.cf7adn.php:39
action · plugins_loaded · inc\class.cf7adn.php:40
action · admin_notices · inc\class.cf7adn.php:47
action · init · inc\class.cf7adn.php:56
action · wpcf7_admin_init · inc\class.cf7adn.php:121
action · wp_enqueue_scripts · inc\front\class.cf7adn.front.action.php:24
filter · wpcf7_form_elements · inc\front\class.cf7adn.front.filter.php:27
filter · query_vars · inc\front\class.cf7adn.front.php:31
filter · template_include · inc\front\class.cf7adn.front.php:32
Maintenance & Trust

Accept Authorize.NET Payments Using Contact Form 7 Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 16, 2025
PHP min version
Downloads: 11K

Community Trust

Rating: 100/100
Number of ratings: 8
Active installs: 100
Developer Profile

Accept Authorize.NET Payments Using Contact Form 7 Developer Profile

ZealousWeb

18 plugins · 7K total installs

Trust score: 87
Avg Security Score: 98/100
Avg Patch Time: 88 days
Detection Fingerprints

How We Detect Accept Authorize.NET Payments Using Contact Form 7

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/accept-authorize-net-payments-using-contact-form-7/inc/admin/template/cf7adn.template.php
Script Paths
cf7adn_admin_js

HTML / DOM Fingerprints

HTML Comments
<!-- Adding Authorize.Net fields in Authorize.Net tab -->
Data Attributes
data-cf7adn-admin-js
JS Globals
cf7adn
FAQ

Frequently Asked Questions about Accept Authorize.NET Payments Using Contact Form 7